Dana Gardner: Hello, and welcome to the next edition of the Hewlett Packard Enterprise (HPE) transformation interview series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions,
your host and moderator for this ongoing discussion on IT
transformation and innovation -- and how it's making an impact on
people's lives.

As organizations move beyond their on-premises data centers,
regulation and data sovereignty issues have become as important as the
technical requirements for their infrastructure and applications.

To learn how organizations have been able to get the best of data control and protection -- along with business agility -- from hybrid cloud models, we're joined Richard Anstey, CTO at Intralinks, and he's based in London. Welcome, Richard.

This is the regulators catching up with the Internet.
The Internet has been somewhat unregulated for a long time, and quite
rightly, the national and regional authorities are putting in place the
right protections to ensure that citizens’ data are looked after and
treated with the respect they deserve.

So it's
becoming more important for companies to understand the regulatory
environment, even those organizations that did not previously feel that
they were subject to such regulation.

Gardner:
So the pendulum seems to have swung from the Wild West Internet toward greater security oversight. Do we expect more laws across more
jurisdictions to make placement of data more restricted? Are we seeing
this pendulum swing more toward regulation?

Anstey: Yes, it’s certainly swinging that way, and the big one for the European Region of course is the General Data Protection Regulation (GDPR),
which is the European Commission initiative to unify the regulations,
at least across the European Union. But the pendulum is swinging toward
a greater level of regulation.

Gardner: How about in Asia-Pacific (APAC) and North America, what’s happening there?

Global issue

Anstey: Post-Snowden,
this has become much more of an issue globally, and certainly across
APAC there have been some very specific regulations in place for
sometime, Singapore Banking Authority being the famous one, but globally
this is becoming much more of an important issue for companies to be
aware of.

Gardner:
So while the regulatory atmosphere is becoming more important for
companies to keep track of, its also more onerous for them as businesses to comply. The Internet is still a very powerful tool
and people want to take advantage of cloud models and compliant data lifecycle
models. Tell us about Intralinks, and about how organizations can have the best of both protected data and cloud models.

Anstey:
Intralinks is in the fortunate position of having been offering cloud
services in highly regulated environments for almost 20 years now. Back
when we were founded, which by the way was really before most people
would do their shopping online, Intralinks was operating things called Virtual Data Rooms
to facilitate very high value, market-moving transactions through
effectively a cloud service. We didn’t call it cloud at that time; we
called it software as a service (SaaS).

But
Intralinks has come from this environment. We've always been operating
in highly regulated environments, and so we're able to bring that
expertise that we have built up over the last 20 years or so to bear on
solving this problem for a wider range of organizations as the
regulation really steps in to control a greater part of the services
delivered over the Internet today.

Gardner: In a
nutshell, how is it that you're able to do, in a highly regulated
environment, what people think of as putting everything in a cloud?

Physical location may be one thing to think about, but there's another thing called logical location.

Anstey:
Well, in a nutshell, it may be tricky, because there's lot to it.
There's a lot of technology that goes into this. And there are a lot of
dimensions around which you need to consider this problem. It's not just
about the physical location of data. Although that may be important,
there are other dimensions. Physical location may be one thing to think
about, but there's another thing called logical location.

The
logical location is defined as the location of the control point of the
encryption as opposed to the location of highly encrypted data, which
many people would argue is somewhat irrelevant. If it's sufficiently
encrypted, it doesn't matter where it is. The location of the key is
actually more important than who controls that key, and more important
than where your encrypted data lives.

In fact, we all
implicitly accept that principle. When you use your online bank, you
don't know the route that that information takes between your home
computer and the bank. It may well be routed across the Atlantic, based
on conditions of the Internet. You just don't know, and yet we
implicitly accept that because it's encrypted in transit, it doesn't
really matter what route it takes.

So there is the
physical location and the logical location, but there is still also the
legal location, which might be to what jurisdiction this information
pertains. Perhaps it pertains to a citizen of a certain country, and so
there is a legal location angle to consider.

And there
is also a political location to consider, which may be, for example,
the jurisdiction under which the service provider is operating and where
the headquarters of that service provider is.

Four dimensions

There
are four dimensions already, but there is another one as well, which is
the time dimension. While it may be suitable for you to share
information with a third party in perhaps a different jurisdiction for a
period of time, the moment that business agreement comes to an end, or
perhaps the purpose or the project for which that information was being
used has come to an end, you also need to be able to clear it up.

You
need to tidy up and remove those things over time and make sure that
just because that particular information-sharing activity was valid at
one point, it doesn't mean that that’s true forever, and so you need to
take the responsibility to clear it up. So there are technologies that
you can bring to bear to make that happen as well.

Gardner:
It sounds as if there is a full spectrum, a marketplace, of
different solutions and approaches to suit whatever particular issues
an organization needs in order to satisfy the regulatory, audit, and
other security requirements.

Tell us about how you
have been working with HPE to increase this marketplace and solve data
sovereignty issues as they become more prominent in more places.

Anstey:
The thing that HPE really helps us with is the fact that while we've
been able for quite a long time to have data centers in multiple
regions -- as the regulation and the requirements of our customers grow -- we need to be even more agile with bringing new workloads up and running in
different locations.

With HPE Helion OpenStack
we're able to spin up a new environment -- a new data center perhaps, or a
new service -- to run in a new location far more quickly and more cost
effectively than we would otherwise be able to if we were starting from the
ground-up.

Gardner:
So it's important to not just be able to take advantage of cloud
conceptually, but to be able to move those cloud data centers, have the fungibility,
if you will, of a cloud infrastructure, a standardized approach that
can be accepted in many different data-center locations, many different
jurisdictions.

Is that the case, and what can we expect for the
depth and reach of your services? Are you truly global?

Anstey: We are
certainly truly global. We've been operating right across the world for a
number of years now. The key elements that we require from this
infrastructure are things like workload portability and the ability to
plug into additional service providers at any time we need to be able to
create a truly distributed platform.

In order to do
that, you need some kind of cloud operating system, and that's what we
feel we get from the HPE Helion OpenStack technology. It means that we
have become much more portable to move our services around whenever we
need to.

Gardner: When you're an organization
and you know that there's that data portability, that there's a true global
footprint for your data that you can comply with the regulations, what does that do for you as a
business?

How does
this, from a business perspective, benefit your bottom line? How does it translate
into business terms?

Enormous uncertainty

Anstey:
The key thing to realize is that there has been an enormous amount of
uncertainty, and in a way, the closure of the Safe Harbor agreement has
been a good thing in that there was always some doubt over its
applicability and its suitability. If you'll forgive the pun, there was
a cloud hanging over it. When you remove that, you still have to get a
little bit more certainty, of ... "Well, that thing definitely doesn't work and
so we need to have a different structure."

Nevertheless,
what happens in that environment of uncertainty is that people start to
play it safe and they start to think, "This cloud thing is a bit scary.
Maybe we should just do it all ourselves, or maybe we should only
consider private cloud deployments." When you do that, you cut off the
huge options and agility that's available from using the cloud to its
full extent.

What would be a bad thing is if, as the
pendulum swings, as you described, toward regulation, people retreat
and give up and say, "This Internet thing, we don’t want to do that.
We're going to reverse the trends and the huge technological advances
that we've been able to leverage over the last 10 years of growth of
cloud."

We believe that by building technology in the
way that we are able to construct it, with all of those options
associated with ways in which you can demonstrably prove that you are
responsibly looking after data over time, you don't have to sacrifice
the agility of the cloud in order to adhere to the regulations as they
come in.

The net is cast wider and wider for the regulation, to the point where
any company that deals with personal data and needs to use that data for
legitimate business purposes will now be covered by regulation.

Gardner: We've talked about data sovereignty from a geographic
perspective, but how about vertical industries? Are there certain
industries that require that global reach, but also need to be highly regulated?

Anstey: The vast majority of the
global banks are our customers already. We also have a very large
footprint in the life sciences, which often has a similar nature in
terms of the level of regulation, especially if you're dealing with
patient data in the field of clinical trials, for example.

But
the reality is that, as this pendulum swings, the net is cast wider and
wider for the regulation, to the point where any company that deals
with personal data and needs to use that data for legitimate business
purposes will now be covered by regulation. This isn't just guidance
now.

When we get through to the next level of EU
regulation, there are some serious fines, including criminal penalties
for executives and fines of up to two percent of global revenue, which
really makes people wake up. It will make a far wider group of companies
wake up than the previous ones who knew that they were operating in a
strict regulatory framework.

Gardner: So in
other words, this probably is going to pertain to many more industries
than they may have thought. This
is really something that’s going to hit home for just about everybody.

Anstey:
Absolutely. Every industry becomes a regulated industry at that point,
when to do business you need to handle the type of data that gets
covered by the regulation, especially if you are operating in the EU,
but as we described, with more to follow.

Gardner:
I'm afraid we will have to leave it there. We've been exploring issues
around data sovereignty and how it's forcing enterprises to consider new
approaches to data, intellectual property and cloud collaboration.

We
have heard from Intralinks, based in New York, about how they have
developed Virtual Data Rooms and are working with HPE to extend their services to virtually any market around the
world.

So a big thank you to our guest, Richard Anstey, CTO at Intralinks. Thank you, Richard.

Anstey: Thank you very much.

Gardner:
And a big thank you as well to our audience for joining us for this
Hewlett Packard Enterprise transformation and innovation interview. I’m
Dana Gardner, Principal Analyst at Interarbor Solutions, your host for
this ongoing series of HPE-sponsored discussions. Thanks again for
listening, and come back next time.